General

  • Target

    575d4207fb6f09581df75a27e1acb7d18bf8e1c7711fd141cb29c5714d8f30fd

  • Size

    666KB

  • Sample

    241109-xq1hqszfqn

  • MD5

    7f4124df4efbb2bf4fa38da97e52a6fb

  • SHA1

    ac7f81f969953cfe172ad7763f54ea113d58920f

  • SHA256

    575d4207fb6f09581df75a27e1acb7d18bf8e1c7711fd141cb29c5714d8f30fd

  • SHA512

    fe2e97140b3b35e9f78f8e98d5b2401f5190cd3c353d8d26155f13c94ddf1157641a2b4727ee78265d973b9495cba96aff73296a308f5c77cba292148eb21cc6

  • SSDEEP

    12288:cMrcy90AWtSt9zLGheN3Dcx7iF2WuQ3D0vMHRcmiStp+r1C/Vx+VST81t:gy/A20sZAx7iF2U3D0vSRbiStY1Cr+Vd

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      575d4207fb6f09581df75a27e1acb7d18bf8e1c7711fd141cb29c5714d8f30fd

    • Size

      666KB

    • MD5

      7f4124df4efbb2bf4fa38da97e52a6fb

    • SHA1

      ac7f81f969953cfe172ad7763f54ea113d58920f

    • SHA256

      575d4207fb6f09581df75a27e1acb7d18bf8e1c7711fd141cb29c5714d8f30fd

    • SHA512

      fe2e97140b3b35e9f78f8e98d5b2401f5190cd3c353d8d26155f13c94ddf1157641a2b4727ee78265d973b9495cba96aff73296a308f5c77cba292148eb21cc6

    • SSDEEP

      12288:cMrcy90AWtSt9zLGheN3Dcx7iF2WuQ3D0vMHRcmiStp+r1C/Vx+VST81t:gy/A20sZAx7iF2U3D0vSRbiStY1Cr+Vd

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks